Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 28th, 2009

Two Critical Vulnerabilities Fixed By Mozilla In Firefox 3.0.8

The open-source group Mozilla released Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue. The update also fixes a zero-day flaw published earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.

The changes include:

MFSA 2009-13: Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.

MFSA 2009-12: Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.
